Email us at [email protected] to get your API keys.

All Breadcrumbs API calls require the client use HMAC authentication.

## Each requests requires the following HTTP Headers:

  1. X-API-Key - Select show on your chosen application's API Access dashboard. This is the API Key as displayed on the dialog.

  2. X-API-Signature - An HMAC-SHA256 hash of the nonce concatenated with the full URL and body of the HTTP request, signed using your API secret. See below for an example in how to generate the API_Signature.

  3. X-API-Nonce - A number that can only be used once per use and is higher than all previous nonces used. A nonce is used to prevent replay-attacks. We highly recommend the nonce you use is a Unix Epoch timestamp at the time of the API call, for example 1631066988, which is the time at Wed, 08 Sep 2021 02:09:48 GMT.

  4. Content-Type : application/json

Signature Generating Example

//Below is an example of creating the API_SIGNATURE

string API_Secret = "aCgXdxDqTSGIbyCnh4YoEZ4oZ4QBF04Uhe76RpxX9NY9s6rCZ4";
int Nonce = 1631066988;
string API_Call_Body = "";
string API_Call_URL = "";

string message = nonce.ToString() + url + body;

message would equal:


Note - make sure there's no spaces between the variables. If it's a POST call, you need to use double quotations. GET API calls will not have a need for quotations since the parameters are in the url, and not the body variable.


string API_Signature = HMAC_SHA_256_Hash(message, API_Secret);

API_Signature would equal:

Helpful tools to generate the Nonce & Signature

This is a helpful online tool to run the HMAC_SHA_256_Hash:

This is a helpful online tool to get the current unix timestamp: